10341000x8000000000000000259754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.754{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.754{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.474{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.368{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308